PreCheck "Hack" reached press
#46
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
Has anyone gotten the scanner app to work with the bar code produced by the airlines' phone apps for mobile boarding passes? Mine only works with the one the website produces for printing at home.
#47
Join Date: Apr 2009
Location: WAS
Programs: AMEX Platinum, Global Entry, Priority Pass, SPG Gold, HHonors Gold
Posts: 1,594
https://itunes.apple.com/us/app/qraf...416098700?mt=8
#48
Join Date: Oct 2006
Location: ORD
Programs: AA Platinum, HHonors Diamond
Posts: 1,177
Firstly, what on earth are you talking about? If you can read a pdf you can certainly change it. ...
Secondly, many people have asserted that these barcodes include signatures. But I've never seen any pointer to any evidence of this. Does anyone have any actual information on this purported signature? I'm quite skeptical because there doesn't seem to be enough bits in the barcodes to contain a particularly strong signature. ...
Moreover there's a fundamental weakness in a signature based scheme. The signing key would have to be in every terminal everywhere in the world belonging to every organization that can issue boarding passes. It wouldn't be very long before the key was leaked. ...
Secondly, many people have asserted that these barcodes include signatures. But I've never seen any pointer to any evidence of this. Does anyone have any actual information on this purported signature? I'm quite skeptical because there doesn't seem to be enough bits in the barcodes to contain a particularly strong signature. ...
Moreover there's a fundamental weakness in a signature based scheme. The signing key would have to be in every terminal everywhere in the world belonging to every organization that can issue boarding passes. It wouldn't be very long before the key was leaked. ...
zwkIG+jSp
Which is what appears when I scan my AA boarding pass. Obviously, I understand I can change the text, but doing so means that the text no longer matches the digital signature --- causing the BP to be rejected by the PreCheck scanner.
The private key does not have to be universally available. AA has one, and they generate the signature for my PNR centrally. It certainly does not have to be "have to be in every terminal everywhere in the world." They do have to be with every issuing organization, but that is why every organization cannot participate in PreCheck.